I've attended a number of CloudCamps around the world, and the question as to whether systems administrators are relevant in the post-cloud world always seems to come up. Let's put this silly question to bed: your cloud needs a sys admin.
Programmers vs. Sys Admins
A mature IT ecosystem has both systems administrators and developers. While there's a lot of overlap in the more mundane skills of each, I've rarely seen good sys admins make good programmers. And I've rarely seen good programmers make good sys admins. The cloud, however, has a nasty habit of deluding programmers into thinking they no longer need sys admins.
Programmer interaction with the sys admin comes in the following flavors:
- Working with a sys admin to plan an infrastructure for an application
- Waiting on the sys admin staff to provision and configure infrastructure for the development process
- Relying on the sys admin to keep a production system up and running
Programmers generally focus on interaction number 2—that's where the sys admin becomes a barrier to the programmer's getting their job done. If I need an Ubuntu server for a few days, why do I have to wait a month to get it? And why can't I have root access on that server? And whom do I have to bribe to open up that firewall port?
The cloud makes that sys admin barrier disappear for the programmer.
A programmer and a credit card can launch a server in the cloud. That programmer can use any operating system they want, have root access, and define any firewall rules they please. In fact, the programmer probably says, "Let's just open up port 22 to the world so we can access our servers from wherever we happen to be!"
The cloud also supports a level of automation—mostly the automation of tedious sys admin tasks—that can further encourage the programmer's belief that sys admins are superfluous in the cloud. After all, if enStratus will deploy your applications for you, secure the file system, make backups, and manage your users, what do you need a sys admin for?
Trust me, your cloud needs a sys admin.
Death by 1,000 Cuts
The programmer-managed infrastructure suffers from a death by a thousand cuts. The programmer is competent with technology and fully capable of setting up a system that can support the application being built. The programmer, however, lacks a detailed understanding of ongoing infrastructure management. Consequently, the programmer-managed infrastructure ultimately leads to an environment incapable of adjusting to changing demands and potentially opens vulnerabilities to hackers through discreet channels.
The reverse is true of the sys admins who fancy themselves programmers. They can craft Perl programs to do just about any task. Those programs, however, ultimately lack the solid architecture that programming skills provide.
Programmers Build Bad Machine Images
While tools like enStratus help you build secure machine images, building good machine images is still something only a sys admin can do. It takes years of experience with whatever your operating system is to tweak it to perform properly for the kinds of applications your company runs. A good sys admin knows that you need to get the packaged binaries for a certain software package on platform X, but you are better off compiling it from source on platform Y. A good sys admin has been staying informed about security alerts on operating systems components the programmer has never heard of. A good sys admin knows how to deploy applications securely on the operating systems they support.
Programmers Take Short-Cuts
I have seen programmers do a number of things in the cloud because they represent the path of least resistance to their core objective of creating an application:
- Deploy applications under the root user ID
- Open firewall rules to the world other than HTTP/HTTPS
- Ignore the need for intrusion detection
- Turning off cloud, OS, and enStratus alerts
These short-cuts expose the infrastructure to a risk that programmers typically do not fully appreciate.
Programmers Don't Track Sys Admin Trends
Programmers notoriously know just enough about the operating systems they are using to do what they need to do. Sure, they probably have 5 servers in their basement running 5 different flavors of Unix. That doesn't make them a sys admin.
Sys admins live and breathe hardware, the OS, and the network. They know the right feeds to follow to keep track of security alerts and advancements, and they know when to patch and when to let something slide. They also know how to manage the patching of production environments to minimize the impact on system uptime.